CHICAGO- United Airlines (UA) is warning its flight attendants about a growing cyber threat, Cybercriminals are targeting employees with fake websites to steal login credentials and redirect their paychecks.
These attacks have already compromised sensitive accounts and benefits, including Flexible Spending Accounts (FSA) and Health Savings Accounts (HSA), which can result in substantial financial loss for victims.
Photo: Clément AlloingUnited Flight Attendant Targeted
Cybercriminals are deploying fake websites that closely resemble United Airlines official employee portals to trick flight attendants into entering their login credentials.
These fraudulent sites exploit trust by mimicking the design and functionality of legitimate platforms, often appearing in search engine results.
Once credentials are stolen, attackers gain access to sensitive systems, enabling them to redirect paychecks to their own accounts.
According to PYOK, Beyond paychecks, the scams threaten employees’ Flexible Spending Accounts (FSA) and Health Savings Accounts (HSA), which may hold thousands of dollars.
The Association of Flight Attendants (AFA-CWA), representing United’s crew members, has emphasized the severity of these attacks, noting that successful breaches could devastate personal finances.
The union urges vigilance, as cybercriminals use tactics like phishing emails and fraudulent calls to exploit unsuspecting victims.
These schemes are not new, but their sophistication is increasing. Search engines like Google and Bing often fail to filter out fraudulent sites, sometimes ranking them above authentic ones.
This visibility amplifies the risk, as employees may unknowingly click on malicious links while seeking quick access to payroll or benefits portals.
Photo: United AirlinesHow Phishing Scams Work
The phishing process begins with a fake website that prompts users to enter their username and password. These sites are created to look nearly identical to United Airlines’ internal systems, down to logos and layouts.
Once credentials are entered, the site may malfunction or redirect, but by then, the damage is done.
Attackers use the stolen details to log into genuine systems, altering payroll settings or siphoning funds from savings accounts.
In some cases, victims realize the site is fake when it fails to load properly, but the brief window is enough for criminals to act.
United has implemented two-factor authentication (2FA) to increase security, requiring a secondary verification step, such as a code sent to a registered device.
However, the AFA-CWA warns that employees must scrutinize 2FA requests, as blind approval could grant attackers access if credentials are already compromised.
Similar scams have targeted airline passengers, with fake customer service numbers appearing in search results.
These numbers connect to impostors who extract credit card details under the guise of resolving travel issues. For employees, the stakes are higher, as stolen credentials can lead to significant financial losses.
How to Identify and Avoid Fake Websites
- Check the URL: Look for misspellings, extra characters, or unusual domain extensions.
- Use Bookmarked Links: Access sensitive portals only through saved or company-provided links.
- Verify Security Certificates: Legitimate sites display HTTPS and a padlock icon.
- Avoid Search Engine Reliance: Cybercriminals manipulate SEO to push fake sites to the top of results.
The AFA stresses that awareness is the first line of defense, urging employees to report suspicious activity immediately.
Photo: Dylan T | FlickrBottom Line
Although the primary victims are currently United Airlines (UA) employees, similar scams are prevalent across the airline industry.
Hackers increasingly use these tactics to exploit gaps in digital vigilance, and current search engine safeguards have not been fully effective at blocking malicious sites.
Security education remains critical. The AFA-CWA reminds all staff that assuming they are potential targets is the first step in securing their financial data. Vigilance, cautious access habits, and secure login methods are essential defenses in the ongoing battle against digital threats.
Stay tuned with us. Further, follow us on social media for the latest updates.
Join us on Telegram Group for the Latest Aviation Updates. Subsequently, follow us on Google News
United Flight Attendants Negotiations Progress After 4 Years of Struggle
The post United Airlines Flight Attendants Targeted with Fake Sites to Steal Salary appeared first on Aviation A2Z.
